Overview

overview

10

Static

static

10

b8cb324149...9b.exe

windows7-x64

10

b8cb324149...9b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    33s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2023 08:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b8cb324149c343db7b97aa57a030ad9b.exe

  • Size

    321KB

  • MD5

    b8cb324149c343db7b97aa57a030ad9b

  • SHA1

    f1a8772d3709f8193c58893723f12b14ba0c6217

  • SHA256

    053c3cf58d6dbbd7d140277db2141a5f5e0ff73d6b00dfa84e965fb5ab425afa

  • SHA512

    50694988fd43f37beacefa42ac6850b11338c44be7f755492bef5b2dd1694a78e3118e7479690cd32cca4b82c87ee5e4ce9b69a637609f2de49f462dc7eae675

  • SSDEEP

    6144:Peny2oo7LEeU0SHN7rvRaLWI+PpOYx+k1Ul9sq4CydxrbA3r9u:P12N7geuhrvdPp2lqBdxg3Z

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • DCRat payload 2 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8cb324149c343db7b97aa57a030ad9b.exe
    "C:\Users\Admin\AppData\Local\Temp\b8cb324149c343db7b97aa57a030ad9b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1604-54-0x0000000001270000-0x00000000012C6000-memory.dmp
    Filesize

    344KB

    Download
  • memory/1604-55-0x000000001AE90000-0x000000001AF10000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1604-56-0x000000001AE90000-0x000000001AF10000-memory.dmp
    Filesize

    512KB

    Download